November 14th, 2017

.NET Framework November 2017 Security and Quality Rollup

Rich Lander [MSFT]
Program Manager

Today, we are releasing the November 2017 Security and Quality Rollup.

Security

This release contains no new security updates. The most recent .NET security updates were shipped with the September 2017 Security and Quality Rollup.

Quality and Reliability

This release contains the following quality and reliability improvements.

CLR

  • Code optimization bug for x64 C# code targeting .NET Framework 4.6.1 and running on .NET Framework 4.7. [484415]

WPF

  • WPF touch stops working after many touch events due to reference counting issue. [460192]
  • WPF touch generates a NullReferenceException in System.Windows.Input.StylusWisp.WispLogic.ProcessInputReport with .NET Framework 4.7. [480909]
  • WPF crash caused by INVALID_POINTER_WRITE_c0000005_PenIMC_v0400.dll!CPimcContext::GetPenEventMultiple. [488390]
  • WPF rendering of UI Elements broken in Windows Services. [497604]

Note: Additional information on these improvements is not available. The VSTS bug number provided with each improvement is a unique ID that you can give Microsoft Customer Support, include in StackOverflow commentsor use in web searches.

Security Compliance Guidance

This guidance is for companies that want to install the minimum set of security updates each month. If you want security and quality updates, do not follow this guidance.

Guidance for this month:

  • Install Windows 10 updates (the Windows 10 LCU).
  • Do not install pre-Win10 .NET Framework updates.

Explanation: .NET Framework updates for Windows 10 are included with the Windows 10 LCU (which include Windows security updates), while pre-Windows 10 .NET Framework updates are separate updates (which only include quality updates this month).

Note: You can look at the Classification release attribute to see if a .NET Framework update falls under either “Security Updates” or “Updates” category. See this month’s Windows 10 1709 and Windows 7 releases as examples.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, Microsoft Update Catalog, and Docker.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, .NET Framework updates are part of the Windows 10 Monthly Rollup.

Product Version Security and Quality Rollup KB
Windows 10 1709 (Fall Creators Update) Catalog 4048955
.NET Framework 4.7.1 4048954
Windows 10 1703 (Creators Update) Catalog 4048954
.NET Framework 4.7 4048954
Windows 8.1 Windows RT 8.1 Windows Server 2012 R2 Catalog 4049017
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7 4041777
.NET Framework 4.5.2 4040974
.NET Framework 3.5 4040981
Windows Server 2012 Catalog 4049018
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7 4041776
.NET Framework 4.5.2 4040975
.NET Framework 3.5 4040979
Windows 7 Windows Server 2008 R2 Catalog 4049016
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7 4041778
.NET Framework 4.5.2 4040977
.NET Framework 3.5.1 4040980
Windows Server 2008 Catalog 4049019
.NET Framework 4.6 4041778
.NET Framework 4.5.2 4040977
.NET Framework 2.0 4040978

Docker Images

Docker images have been updated as part of today’s release. The following repos have been be updated.

Note: Look at the “Tags” view in each repository to see the updated Docker image tags.

Note: Significant changes have been made with Docker images recently. Please look at .NET Docker Announcements for more information.

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

Category
.NET

Author

Rich Lander [MSFT]
Program Manager

Richard Lander is a Principal Program Manager on the .NET Core team. He works on making .NET Core work great in memory-limited Docker containers, on ARM hardware like the Raspberry Pi, and enabling GPIO programming and IoT scenarios. He is part of the design team that defines new .NET runtime capabilities and features. He enjoys British rock and Doctor Who. He grew up in Canada and New Zealand.

0 comments

Discussion are closed.